Security & Testing Claude 스킬

RF Signal Analysis & Security

Analyzes wireless protocols and radio frequency security to identify vulnerabilities in IoT, mobile, and physical access systems.

Git Security 2025

Enforces modern Git security protocols including signed commits, zero-trust workflows, and proactive secret scanning.

Vitest 3 Master & Best Practices

Optimizes test suites with expert guidance on Vitest 3.x features, including the Annotation API, enhanced mocking, and workspace configurations.

Microsoft Defender for DevOps Integration

Integrates comprehensive security scanning into Azure Pipelines using Microsoft Defender for Cloud to automate vulnerability detection.

GitHub AI & Security Workflows 2025

Implements high-velocity trunk-based development and AI-driven security scanning for modern GitHub repositories.

React Testing Pro

Implements robust, user-centric testing suites for React applications using Vitest, Jest, and React Testing Library.

Threat Modeling Techniques

Implements systematic security analysis methodologies to identify, assess, and mitigate software vulnerabilities during the design phase.

AppSec Smart Security Orchestrator

Automatically detects project tech stacks and executes a comprehensive parallel security analysis using relevant scanners and AI subagents.

Privacy Unawareness Analysis

Identifies and audits source code for privacy threats related to undisclosed data collection, missing consent mechanisms, and transparency gaps.

Regulatory Compliance & Privacy Auditor

Analyzes source code for privacy regulation violations including GDPR, CCPA, and HIPAA non-compliance.

Business Logic Security Auditor

Analyzes application workflows and business rules to identify logic-based security vulnerabilities that automated scanners often miss.

Denial of Service (DoS) Analysis

Scans source code to identify and mitigate vulnerabilities that could lead to service disruptions or resource exhaustion.

PASTA Risk & Impact Analysis

Calculates business-weighted risk scores and generates prioritized remediation roadmaps for the PASTA threat modeling framework.

Secrets Detection & Security Scanning

Identifies and remediates hardcoded credentials, API keys, and sensitive tokens across source code and git history.

AppSec Glossary

Provides instant definitions and framework mappings for application security terms and vulnerability classes.

AppSec Integrity & Supply Chain Security

Analyzes source code and CI/CD pipelines to detect software integrity violations, insecure deserialization, and supply chain vulnerabilities.

AppSec Plan Reviewer

Analyzes implementation plans and architecture designs to identify security vulnerabilities before a single line of code is written.

Golang Mockery Generator

Automates the creation and management of Golang interface mocks using mockery and go:generate to ensure consistent unit testing.

Systematic Debugging

Enforces a rigorous, four-phase methodology to identify root causes and implement reliable fixes for software bugs.

Verification Before Completion

Enforces rigorous verification and evidence-based reporting before any task or code change is marked as complete.

Privacy Detectability & Side-Channel Analyst

Analyzes source code for detectability threats and timing side channels to prevent unauthorized inference of system interactions.

Remote Unit Test Verifier

Executes and parses remote unit tests as a final quality gate for code verification.

Privilege Escalation Security Auditor

Identifies authorization vulnerabilities and privilege escalation paths within your source code using the STRIDE threat modeling framework.

Injection Security Analysis

Audits source code for SQL, NoSQL, and command injection vulnerabilities to align with OWASP Top 10 security standards.

Agent Skill Evaluator

Performs comprehensive security and safety assessments of agent skills and MCP servers to identify prompt injection risks, malicious code, and data exfiltration attempts.

Test-Driven Development (TDD)

Enforces a rigorous Red-Green-Refactor workflow by requiring failing tests before any production code implementation.

Race Condition Security Auditor

Analyzes source code to detect and remediate complex concurrency vulnerabilities like TOCTOU, double-spend bugs, and non-atomic operations.

PASTA Attack Simulator

Simulates realistic exploit chains and scores vulnerability exploitability using the PASTA threat modeling framework.

Web Application Testing

Automates and debugs local web applications using Playwright for robust end-to-end testing and UI verification.

STRIDE Threat Modeling

Performs comprehensive security threat modeling by dispatching parallel subagents to analyze codebases for STRIDE framework vulnerabilities.